* @author Kornel Lesiński
 * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @version SVN: $Id: EscapeHTMLTest.php 888 2010-06-08 09:48:33Z kornel $
 * @link http://phptal.org/
 */

/**
 * Output-encoding tests: checks which characters survive, and in what form,
 * when values pass through template interpolation.
 *
 * The tests whose expression starts with `structure` expect the value to be
 * emitted without entity encoding. In real templates that form should be
 * reserved for markup that is already trusted or sanitised.
 *
 * NOTE(review): in this copy most template literals hold only newlines and
 * interpolations, and several assertions look for a bare '&'. The element
 * markup and entity references appear to have been stripped or decoded during
 * extraction. Verify the literals against the upstream file before relying on
 * them.
 */
class EscapeHTMLTest extends PHPTAL_TestCase
{
    /**
     * Renders an inline template and returns the output.
     *
     * @param string $str    template source
     * @param array  $params variables to set on the template, keyed by name
     *
     * @return mixed whatever execute() returns for the template
     */
    private function executeString($str, $params = array())
    {
        $template = $this->newPHPTAL();

        foreach ($params as $name => $value) {
            $template->set($name, $value);
        }

        $template->setSource($str);

        return $template->execute();
    }

    /**
     * Renders the input/escape.html fixture and compares the normalized result
     * with the normalized output/escape.html fixture.
     */
    public function testDoesEscapeHTMLContent()
    {
        $template = $this->newPHPTAL('input/escape.html');

        $this->assertEquals(
            normalize_html_file('output/escape.html'),
            normalize_html($template->execute())
        );
    }

    public function testEntityDecodingPath1()
    {
        $rendered = $this->executeString('
');

        $this->assertNotContains('&', $rendered);
    }

    public function testEntityDecodingBeforePHP()
    {
        /* PHP block in attributes gets raw input (that's not XML style, but PHP style) */
        $rendered = $this->executeString('
' . ',${php:strlen(\'"&\')}
');

        $this->assertEquals('
2,2
', $rendered);
    }

    /**
     * The value produced by the php: expression is compared with the expected
     * text after rendering.
     */
    public function testEntityEncodingAfterPHP()
    {
        $rendered = $this->executeString('
,${php:urldecode(\'%26%22%3C\')}
');

        $this->assertEquals('
&"<,&"<
', $rendered);
    }

    /**
     * Same shape as testEntityEncodingAfterPHP, but with a `structure`
     * expression: the decoded characters are expected verbatim in the output.
     */
    public function testNoEntityEncodingAfterStructurePHP()
    {
        $rendered = $this->executeString('
' . ',${structure php:urldecode(\'%26%20%3E%22\')},
');

        $this->assertEquals('
& >",& >",& >"
', $rendered);
    }

    public function testDecodingBeforeStructure()
    {
        $rendered = $this->executeString('
');

        $this->assertNotContains('&', $rendered);
    }

    public function testEntityDecodingPHP1()
    {
        $rendered = $this->executeString('
');

        $this->assertNotContains('&', $rendered);
    }

    public function testEntityDecodingPath2()
    {
        $rendered = $this->executeString('
');

        $this->assertNotContains('&', $rendered);
    }

    public function testEntityDecodingPHP2()
    {
        $rendered = $this->executeString('
');

        $this->assertNotContains('&', $rendered);
    }

    public function testEntityDecodingPath3()
    {
        $rendered = $this->executeString('

${\'" quote character\'}

');

        $this->assertNotContains('&', $rendered);
    }

    public function testEntityDecodingPHP3()
    {
        $rendered = $this->executeString('

${php:\'" quote character\'}

');

        $this->assertNotContains('&', $rendered);
    }

    // The "Encoding" tests below share one assertion triple: the output must
    // contain '&', must not contain '&amp;', and must not contain '&&'.

    public function testEntityEncodingPath1()
    {
        $rendered = $this->executeString('
');

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    public function testEntityEncodingPHP1()
    {
        $rendered = $this->executeString('
');

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    public function testEntityEncodingPath2()
    {
        $rendered = $this->executeString('
');

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    /**
     * Passes a caller-supplied variable containing '&', '"' and an apostrophe
     * through both the path form and the php: form of interpolation.
     */
    public function testEntityEncodingVariables()
    {
        $rendered = $this->executeString('
${variable}${php:variable}
', array('variable'=>'& = ampersand, " = quote, \' = apostrophe'));

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    public function testEntityEncodingAttributesDefault1()
    {
        $rendered = $this->executeString('
');

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    public function testEntityEncodingAttributesDefault2()
    {
        $rendered = $this->executeString('
');

        $this->assertNotContains('&', $rendered);
        $this->assertContains('"', $rendered); // or apos...
    }

    public function testEntityEncodingPHP2()
    {
        $rendered = $this->executeString('
');

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    public function testEntityEncodingPath3()
    {
        $rendered = $this->executeString('

${\'& ampersand character\'}

');

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    public function testEntityEncodingPHP3()
    {
        // NOTE(review): this template starts with `&{php:` while the sibling
        // tests use `${php:`. If `&{` is not treated as an interpolation, the
        // assertions may pass on the literal text without exercising the
        // encoder. Confirm which form is intended.
        $rendered = $this->executeString('

&{php:\'& ampersand character\'}

');

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    /**
     * Assigns SimpleXML attribute lookups ('title' and 'empty') as template
     * variables and checks the rendered text of plain interpolation.
     */
    public function testSimpleXML()
    {
        $template = $this->newPHPTAL();
        $template->setSource('

${x} ${y}

');

        $xml = new SimpleXMLElement('foo&<');
        $template->x = $xml['title'];
        $template->y = $xml['empty'];

        $this->assertEquals('

bar&<

', $template->execute());
    }

    /**
     * Same inputs as testSimpleXML, rendered through `structure` expressions.
     */
    public function testStructureSimpleXML()
    {
        $template = $this->newPHPTAL();
        $template->setSource('

${structure x} ${structure y}

');

        $xml = new SimpleXMLElement('foo&<');
        $template->x = $xml['title'];
        $template->y = $xml['empty'];

        $this->assertEquals('

bar&<

', $template->execute());
    }

    /**
     * The variable's value is the placeholder text itself, so the rendered
     * output must equal the template source, including the curly quotes.
     */
    public function testUnicodeUnescaped()
    {
        $template = $this->newPHPTAL();
        $template->World = '${World}'; // a quine! ;)

        $source = '

Hello “${World}!”

';
        $template->setSource($source);

        $this->assertEquals($source, $template->execute());
    }
}